The EU's Consumer Rights Directive (CRD) applies to all businesses selling products, services and digital content to European consumers.

The CRD represents a major change in Europe’s consumer regulatory landscape, bringing changes that carry a significant compliance impact, especially for online businesses.

As of 13th June 2014, the new rules have been implemented into national law across all key European markets. In the UK, the rules have been implemented by the Consumer Contracts (Information, Cancellation and Additional Charges) Regulations 2013 and the Consumer Rights (Payment Surcharges) Regulations 2012.

This briefing note gives an overview of the key changes and addresses some of the common challenges digital businesses face when assessing how to balance user experience with robust compliance under the new framework.

What are the top 10 changes I need to know about?

1. 14 day cooling off period: Customers can cancel an order without charge within 14 days of purchase (for services) or receipt of goods (for goods)

3. Ban on pre-ticked boxes: Additional services must not be pre-selected in the transaction process and extra costs must be transparent

4. Payment buttons: If clicking a button will oblige the customer to pay, the button must clearly indicate this (e.g. "Pay Now" but not "Order and Proceed")

5. No excess payment surcharges: Charges for using credit cards and other payment methods must reflect real cost to seller

6. Pre- and post-contract information obligations: The rules include a new list of information to be provided on a "durable medium", which now has new definition

7. Information obligations now implied terms of contract: This means the contract may not bind the customer at all if you fail to fully comply (but business will still be obliged to perform)

8. Model cancellation form: Must be made available, but will not restrict customers' options for communicating their cancellation

9. Ban on premium rate customer service numbers: If you have a customer service phone line, it must charge no more than the basic call rate

10. Delivery restrictions & accepted payment methods must be indicated upfront: This information must be clear before the consumer is obliged to pay

What compliance challenges does the CRD present for digital businesses?

Experience so far shows that digital businesses are facing challenges when deciding how to comply with the new distance selling rules under the CRD, especially with regard to cancellation rights and refunds. Available guidance from national regulators has often not addressed the kinds of practical compliance measures online businesses must now implement.

As a "maximum harmonisation” Directive, in order to avoid country specific variances, the EU Commission was itself keen to publish unifying guidance applicable across the EU. In background briefings during 2013 members of this firm were promised practical high level guidance would be made available.

Yet, at the 11th hour, it seems this is still yet to materialise. A flurry of thoughts in February this year socialised some suggestions for a transparency model for digital sales which suggested the use of icons to inform consumers during internet and mobile sales. Perhaps the proposed use of iconography was too much for industry to bear? We can at least borrow some ideas for what “good” would look like from Germany (whose current rules the CRD is based upon). What is clear is that online merchants face extremely convoluted new rules and scant examples of how to proceed.

For example, businesses selling digital items generally want to rely on the exception from the 14 day cooling off period for digital content. This ensures that they are not obliged to refund customers who may have used and enjoyed fully functioning digital products. However, in order for this exception to apply, the business must:

- obtain the customer's express consent to the content being provided right away and acknowledgement that they will lose their right to cancel; and

- confirm that consent and acknowledgment, plus other mandatory information, in a durable medium within a reasonable time.

Implementing this in practice may be straightforward, or more complex, depending on factors affecting your customers' user journey, such as whether your business controls the full transaction flow, whether you are using a bespoke or multi-vendor platform (such as a social media network) and how payments are made (e.g. cash, credit, virtual currency).

What happens if we don’t comply?

National regulators will be keen to set examples during 2014 and 2015, and businesses that fail to comply with the new requirements run the risk of:

- civil or sometimes criminal action, for serious breaches;

- negative PR and customer backlash;

- customers not having to pay for your products and services, whilst the business remains obliged to provide them; and

- questions around revenue recognition where non-compliance with the CRD potentially renders online sales voidable by customers for extended periods.

What should I do now?

Since the new rules are in force as of 13th June 2014, you should act fast to assess the impact on your business and update your compliance programme as necessary. For more guidance, please contact David Lewis or Sonal Patel.